简单几招助您加速 ARM 容器应用开发和测试流程

https://yq.aliyun.com/articles/712584

随着5G时代的临近,低延迟网络、AI硬件算力提升、和智能化应用快速发展,一个万物智联的时代必将到来。我们需要将智能决策、实时处理能力从云延展到边缘和IoT设备端。阿里云容器服务推出了边缘容器,支持云-边-端应用一体协同。在IoT和边缘计算场景,我们不但需要支持X86芯片也要提供对ARM架构芯片的支持。此外随着国产ARM CPU的快速发展,也需要我们在产品测提供ARM版本的容器产品支持。本文将介绍一些简单的技术来加速 ARM 容器应用的开发和测试流程。

X86环境构建ARM架构Docker镜像

今年4月24日,Docker公司与ARM公司宣布合作伙伴计划,为Docker的工具优化面向ARM平台的开发者体验。Docker开发者可以在x86桌面端为ARM设备构建容器镜像,并可将容器应用部署至云端、边缘以及物联网设备。整个容器构建流程非常简单,无需任何交叉编译步骤。

Docker Desktop 是 macOS 和 Windows平台的容器开发环境。Docker会借助宿主机操作系统的虚拟化技术,如Windows的Hyper-V和 macOS的HyperKit,来运行Docker开发环境。在最新的Docker版本中,LinuxKit作为面向容器的操作系统,增加了QEMU模拟器,可以支持ARM架构CPU。现在可以支持 arm/v6, arm/v7 和 arm64 架构应用。架构图如下:

image.png

首先安装最新edge版本的 Docker Desktop,Docker Engine版本需要大于 19.03。

image.png

在Docker Desktop中,选择 “Preference…” > “Command Line” > “Enable experimental features” 开启实验特性。

image.png

Docker新增加了 docker buildx 命令

$ docker buildx --help

Usage:  docker buildx COMMAND

Build with BuildKit

Management Commands:
  imagetools  Commands to work on images in registry

Commands:
  bake        Build from a file
  build       Start a build
  create      Create a new builder instance
  inspect     Inspect current builder instance
  ls          List builder instances
  rm          Remove a builder instance
  stop        Stop builder instance
  use         Set the current builder instance
  version     Show buildx version information

Run 'docker buildx COMMAND --help' for more information on a command.

我们可以查看一下当前builder的状态

$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS  PLATFORMS
default * docker
  default default         running linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6

创建一个 mybuilder 实例,设置为默认构建器并激活ARM构建能力

$ docker buildx create --name mybuilder
mybuilder
$ docker buildx use mybuilder
$ docker buildx inspect --bootstrap
[+] Building 20.2s (1/1) FINISHED
 => [internal] booting buildkit                                           20.2s
 => => pulling image moby/buildkit:master                                 19.6s
 => => creating container buildx_buildkit_mybuilder0                       0.6s
Name:   mybuilder
Driver: docker-container
Nodes:
Name:      mybuilder0
Endpoint:  unix:///var/run/docker.sock
Status:    running
Platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6

从Github获取测试应用

$ git clone https://github.com/adamparco/helloworld
$ cd helloworld

Docker Hub创建一个测试Repository

image.png

自从Docker registry v2.3和Docker 1.10开始,Docker通过支持新的image Media 类型 manifest list 实现了Multi-architecture Docker镜像功能,支持在一个镜像中同时包含多种CPU体系架构的镜像层。

为测试应用构建多CPU体系架构镜像,包含x86, ARM 64和ARM v7支持,并推送到 Docker Hub

$ docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t denverdino/multiarch --push .
  .
[+] Building 26.1s (31/31) FINISHED
...
 => [linux/arm64 internal] load metadata for docker.io/library/python:3.7-alpine                                                                                                                                                         2.9s
 => [linux/arm/v7 internal] load metadata for docker.io/library/python:3.7-alpine                                                                                                                                                        3.2s
 => [linux/amd64 internal] load metadata for docker.io/library/python:3.7-alpine                                                                                                                                                         2.9s
...
 => exporting to image                                                                                                                                                                                                                  22.8s
 => => exporting layers                                                                                                                                                                                                                  1.0s
 => => exporting manifest sha256:f8739d2eb9f1b043e5d44e962c79d353261a257ffa6c8332b762b5d811d54c1a                                                                                                                                        0.0s
 => => exporting config sha256:528fc30a95957bf3c6c1bb4ea77793a2a484c0c5b87f3efad6bbc9dbc2df6a90                                                                                                                                          0.0s
 => => exporting manifest sha256:b52df7ab39acbe3ebb8b5d9e6a8069b9c916f1811b81aa84dd3b9dd9b4304536                                                                                                                                        0.0s
 => => exporting config sha256:9712542f20d1dd16c7332f664432a1b37c6254fefe7d4cb7806b74997467da07                                                                                                                                          0.0s
 => => exporting manifest sha256:698969718e9a316003a7fb4c2fe26216c95672e3e92372d25b01a6db5295e9e7                                                                                                                                        0.0s
 => => exporting config sha256:f636eaa8cec74fa574f99318cddd01b37a9e7c21708f94e11ae6575b34ca18f7                                                                                                                                          0.0s
 => => exporting manifest list sha256:3da22eea857f889ade3c85a2d41ed17db727385f78096e3dcf74ae039f164281                                                                                                                                   0.0s
 => => pushing layers                                                                                                                                                                                                                   18.3s
 => => pushing manifest for docker.io/denverdino/multiarch:latest

我们可以在Docker Hub查看镜像信息

image.png

在Mac上面执行构建出来的镜像,

$ docker run -p5000:5000 denverdino/multiarch
 * Serving Flask app "hello" (lazy loading)
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

访问 http://0.0.0.0:5000/ 可以看到当前CPU架构为 x86_64

image.png

登录到树莓派(Raspbian基于ARMv7),执行如下命令,运行同样的容器镜像

pi@raspberrypi:~ $ docker run -p5000:5000 denverdino/multiarch
* Serving Flask app "hello" (lazy loading)
* Environment: production
  WARNING: Do not use the development server in a production environment.
  Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

打开浏览器访问 raspberrypi:5000 ,可以看到当前CPU架构为 armv7l

image.png

X86环境执行ARM架构Docker镜像

我们首先构建一个ARMv7版本的镜像

docker buildx build --platform linux/arm/v7 -t denverdino/multiarch:armv7 --push .
[+] Building 67.9s (13/13) FINISHED
...
 => => pushing layers                                                                                                                                                                                                                    8.5s
 => => pushing manifest for docker.io/denverdino/multiarch:armv7

Linux 内核中 binfmt_misc 允许注册一个“解释器”,在运行可执行文件的时候调用自定义解释器。Linux 4.8 版本在 binfmt_misc 中增加了 F flag 使内核可以在配置时加载解释器而非在运行时 Lazy load,通过这个方法我们可以利用一个容器来注册和运行ARM指令集的解释器。

$ docker run --rm --privileged npmccallum/qemu-register

在Mac上运行如下命令,无需任何修改就可以启动一个ARM镜像

$ docker run -p5000:5000 denverdino/multiarch:armv7
 * Serving Flask app "hello" (lazy loading)
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

访问 http://0.0.0.0:5000/ , 可以看到当前CPU架构变成为 armv7l。意外不意外?惊不惊喜?:-)

image.png

总结

利用容器、操作系统和虚拟化技术,我们可以轻松在X86平台构建和测试ARM应用,简化了多CPU体系架构应用的支持。

参考

https://engineering.docker.com/2019/04/multi-arch-images/

http://collabnix.com/building-arm-based-docker-images-on-docker-desktop-made-possible-using-buildx/